cvelistv5 - cve-2015-6413

CVE-2015-6413 (GCVE-0-2015-6413)

Vulnerability from cvelistv5 – Published: 2015-12-13 02:00 – Updated: 2024-08-06 07:22

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

	http://www.securityfocus.com/bid/79088	vdb-entryx_refsource_BID
	http://tools.cisco.com/security/center/content/Ci…	vendor-advisoryx_refsource_CISCO
	http://www.securitytracker.com/id/1034378	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:22:21.613Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "79088",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/79088"
          },
          {
            "name": "20151209 Cisco TelePresence Video Communication Server Expressway Web Framework Code Unauthorized Access Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-tvc"
          },
          {
            "name": "1034378",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034378"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by visiting an administrative page, aka Bug ID CSCuw55651."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T14:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "79088",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/79088"
        },
        {
          "name": "20151209 Cisco TelePresence Video Communication Server Expressway Web Framework Code Unauthorized Access Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-tvc"
        },
        {
          "name": "1034378",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034378"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-6413",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by visiting an administrative page, aka Bug ID CSCuw55651."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "79088",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/79088"
            },
            {
              "name": "20151209 Cisco TelePresence Video Communication Server Expressway Web Framework Code Unauthorized Access Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-tvc"
            },
            {
              "name": "1034378",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034378"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-6413",
    "datePublished": "2015-12-13T02:00:00",
    "dateReserved": "2015-08-17T00:00:00",
    "dateUpdated": "2024-08-06T07:22:21.613Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.6:*:*:*:expressway:*:*:*\", \"matchCriteriaId\": \"D44B9E1D-623E-4C76-B4DD-5BEACEFF9154\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by visiting an administrative page, aka Bug ID CSCuw55651.\"}, {\"lang\": \"es\", \"value\": \"Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 permite a usuarios remotos autenticados eludir las restricciones de solo lectura previstas y la carga de archivos Tandberg Linux Package (TLP) visitando una p\\u00e1gina administrativa, tambi\\u00e9n conocido como Bug ID CSCuw55651.\"}]",
      "id": "CVE-2015-6413",
      "lastModified": "2024-11-21T02:34:57.140",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:N/I:P/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-12-13T03:59:07.460",
      "references": "[{\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-tvc\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/79088\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.securitytracker.com/id/1034378\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-tvc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/79088\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1034378\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-6413\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2015-12-13T03:59:07.460\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by visiting an administrative page, aka Bug ID CSCuw55651.\"},{\"lang\":\"es\",\"value\":\"Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 permite a usuarios remotos autenticados eludir las restricciones de solo lectura previstas y la carga de archivos Tandberg Linux Package (TLP) visitando una p\u00e1gina administrativa, tambi\u00e9n conocido como Bug ID CSCuw55651.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:P/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.6:*:*:*:expressway:*:*:*\",\"matchCriteriaId\":\"D44B9E1D-623E-4C76-B4DD-5BEACEFF9154\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-tvc\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/79088\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.securitytracker.com/id/1034378\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-tvc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/79088\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1034378\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CNVD-2015-08276

Vulnerability from cnvd - Published: 2015-12-16

Title

Cisco TelePresence Video Communication Server Expressway未授权访问漏洞

Description

Cisco TelePresence Video Communication Server是美国思科公司的一款网真视频通信服务器。 Cisco TelePresence Video Communication Server (VCS) Expressway X8.6在实现上存在安全漏洞，经过身份验证的远程用户通过浏览管理员页面，利用此漏洞可绕过目标只读限制，上传TLP文件。

Severity

中

Formal description

目前没有详细解决方案提供： http://tools.cisco.com/security/center/publicationListing.x#~CiscoSecurityResponse

Reference

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-tvc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6413

Impacted products

Name
Cisco TelePresence Video Communication Server (VCS) Expressway x8.6

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-6413"
    }
  },
  "description": "Cisco TelePresence Video Communication Server\u662f\u7f8e\u56fd\u601d\u79d1\u516c\u53f8\u7684\u4e00\u6b3e\u7f51\u771f\u89c6\u9891\u901a\u4fe1\u670d\u52a1\u5668\u3002\r\n\r\nCisco TelePresence Video Communication Server (VCS) Expressway X8.6\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u7528\u6237\u901a\u8fc7\u6d4f\u89c8\u7ba1\u7406\u5458\u9875\u9762\uff0c\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u7ed5\u8fc7\u76ee\u6807\u53ea\u8bfb\u9650\u5236\uff0c\u4e0a\u4f20TLP\u6587\u4ef6\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttp://tools.cisco.com/security/center/publicationListing.x#~CiscoSecurityResponse",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-08276",
  "openTime": "2015-12-16",
  "products": {
    "product": "Cisco TelePresence Video Communication Server (VCS) Expressway x8.6"
  },
  "referenceLink": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-tvc\r\nhttps://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6413",
  "serverity": "\u4e2d",
  "submitTime": "2015-12-14",
  "title": "Cisco TelePresence Video Communication Server Expressway\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e"
}

GHSA-58FM-PMP5-Q9G7

Vulnerability from github – Published: 2022-05-17 03:26 – Updated: 2022-05-17 03:26

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-6413"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-12-13T03:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by visiting an administrative page, aka Bug ID CSCuw55651.",
  "id": "GHSA-58fm-pmp5-q9g7",
  "modified": "2022-05-17T03:26:33Z",
  "published": "2022-05-17T03:26:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-6413"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-tvc"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/79088"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1034378"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2015-6413

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-6413

Aliases

CVE-2015-6413

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-6413",
    "description": "Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by visiting an administrative page, aka Bug ID CSCuw55651.",
    "id": "GSD-2015-6413"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-6413"
      ],
      "details": "Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by visiting an administrative page, aka Bug ID CSCuw55651.",
      "id": "GSD-2015-6413",
      "modified": "2023-12-13T01:20:04.339551Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2015-6413",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by visiting an administrative page, aka Bug ID CSCuw55651."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "79088",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/79088"
          },
          {
            "name": "20151209 Cisco TelePresence Video Communication Server Expressway Web Framework Code Unauthorized Access Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-tvc"
          },
          {
            "name": "1034378",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1034378"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.6:*:*:*:expressway:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-6413"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by visiting an administrative page, aka Bug ID CSCuw55651."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20151209 Cisco TelePresence Video Communication Server Expressway Web Framework Code Unauthorized Access Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-tvc"
            },
            {
              "name": "79088",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/79088"
            },
            {
              "name": "1034378",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1034378"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2016-12-07T18:20Z",
      "publishedDate": "2015-12-13T03:59Z"
    }
  }
}

VAR-201512-0388

Vulnerability from variot - Updated: 2023-12-18 14:05

Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by visiting an administrative page, aka Bug ID CSCuw55651. Cisco TelePresence Video Communication Server is a telepresence video communication server from Cisco Systems, USA. Attackers can exploit this issue to gain unauthorized access to the affected application. This may help in further attacks. This issue is being tracked by Cisco bug ID CSCuw55651

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201512-0388",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "telepresence video communication server software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "x8.6"
      },
      {
        "model": "telepresence video communication server software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "expressway x8.6"
      },
      {
        "model": "telepresence video communication server expressway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "x8.6"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-08276"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006387"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6413"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-399"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.6:*:*:*:expressway:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-6413"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "79088"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-6413",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-6413",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2015-08276",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "VHN-84374",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-6413",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-08276",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201512-399",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-84374",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-08276"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84374"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006387"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6413"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-399"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by visiting an administrative page, aka Bug ID CSCuw55651. Cisco TelePresence Video Communication Server is a telepresence video communication server from Cisco Systems, USA. \nAttackers can exploit this issue to gain unauthorized access to the affected application. This may help in further attacks. \nThis issue is being tracked by Cisco bug ID CSCuw55651",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-6413"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006387"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-08276"
      },
      {
        "db": "BID",
        "id": "79088"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84374"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-6413",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "79088",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1034378",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006387",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-399",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-08276",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-84374",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-08276"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84374"
      },
      {
        "db": "BID",
        "id": "79088"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006387"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6413"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-399"
      }
    ]
  },
  "id": "VAR-201512-0388",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-08276"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84374"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-08276"
      }
    ]
  },
  "last_update_date": "2023-12-18T14:05:59.128000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20151209-tvc",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151209-tvc"
      },
      {
        "title": "Cisco TelePresence Video Communication Server Expressway Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=59215"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006387"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-399"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-84374"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006387"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6413"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151209-tvc"
      },
      {
        "trust": 1.4,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6413"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/79088"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1034378"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6413"
      },
      {
        "trust": 0.3,
        "url": "www.cisco.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-08276"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84374"
      },
      {
        "db": "BID",
        "id": "79088"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006387"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6413"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-399"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-08276"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84374"
      },
      {
        "db": "BID",
        "id": "79088"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006387"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6413"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-399"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-08276"
      },
      {
        "date": "2015-12-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-84374"
      },
      {
        "date": "2015-12-09T00:00:00",
        "db": "BID",
        "id": "79088"
      },
      {
        "date": "2015-12-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006387"
      },
      {
        "date": "2015-12-13T03:59:07.460000",
        "db": "NVD",
        "id": "CVE-2015-6413"
      },
      {
        "date": "2015-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-399"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-08276"
      },
      {
        "date": "2016-12-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-84374"
      },
      {
        "date": "2016-07-05T22:23:00",
        "db": "BID",
        "id": "79088"
      },
      {
        "date": "2015-12-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006387"
      },
      {
        "date": "2016-12-07T18:20:08.663000",
        "db": "NVD",
        "id": "CVE-2015-6413"
      },
      {
        "date": "2015-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-399"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-399"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco TelePresence Video Communication Server Expressway Unauthorized Access Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-08276"
      },
      {
        "db": "BID",
        "id": "79088"
      }
    ],
    "trust": 0.9
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-399"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2015-6413

Vulnerability from fkie_nvd - Published: 2015-12-13 03:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-tvc	Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/bid/79088
psirt@cisco.com	http://www.securitytracker.com/id/1034378
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-tvc	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/79088
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1034378

Impacted products

	Vendor	Product	Version
	cisco	telepresence_video_communication_server_software	x8.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.6:*:*:*:expressway:*:*:*",
              "matchCriteriaId": "D44B9E1D-623E-4C76-B4DD-5BEACEFF9154",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by visiting an administrative page, aka Bug ID CSCuw55651."
    },
    {
      "lang": "es",
      "value": "Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 permite a usuarios remotos autenticados eludir las restricciones de solo lectura previstas y la carga de archivos Tandberg Linux Package (TLP) visitando una p\u00e1gina administrativa, tambi\u00e9n conocido como Bug ID CSCuw55651."
    }
  ],
  "id": "CVE-2015-6413",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-12-13T03:59:07.460",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-tvc"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/79088"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1034378"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-tvc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/79088"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034378"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-6413 (GCVE-0-2015-6413)

CNVD-2015-08276

GHSA-58FM-PMP5-Q9G7

GSD-2015-6413

VAR-201512-0388

FKIE_CVE-2015-6413

Tags

Sightings

Nomenclature